Adobe released security patches that fix critical and important vulnerabilities with Adobe Bridge CC, Adobe Media Encoder, Adobe Illustrator and Adobe Animate CC.
These vulnerabilities allow an attacker to escalate privileges, steal sensitive information and execute arbitrary code with user consent.
APSB19-34 – Adobe Animate CC
The update resolves insecure library loading vulnerability that could result in privilege escalation. It affects Animate CC 2019 19.2.1 and earlier versions, fixed with version 20.0.
The vulnerability can be tracked as CVE-2019-7960 and rated as Important.
APSB19-53 – Adobe Bridge CC
The security update fixes multiple vulnerabilities that would occur when parsing malformed SVG images, successful exploitation results in information disclosure in the context of the current user.
It affects Adobe Bridge CC 9.1 and earlier versions, fixed with Adobe Bridge CC 10.0. The vulnerabilities can be tracked as CVE-2019-8239, CVE-2019-8240 and rated as Important.
APSB19-52 – Adobe Media Encoder
The security release covers both critical and multiple important file parsing vulnerabilities, if the attackers manage to exploit the vulnerability it results in information disclosure with the context of the user.
The vulnerability affects Adobe Media Encoder 13.1 and earlier versions, fixed with 14.0. The vulnerabilities can be tracked as CVE-2019-8241, CVE-2019-8242, CVE-2019-8243, CVE-2019-8244, and CVE-2019-8246.
APSB19-36 – Adobe Illustrator
The update resolves critical and important vulnerabilities with Adobe Illustrator that could results in arbitrary code execution in the context of the current user.
The vulnerability affects Illustrator CC 2019 23.1 and earlier versions, fixed with version 24.0. The vulnerabilities can be tracked as CVE-2019-7962, CVE-2019-8247, and CVE-2019-8248.
Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
Also, Microsoft released security updates Fixed 74 Bugs Including IE Zero-day That Allow Hackers to Execute Arbitrary Code Remotely in Windows PC.